[Original text] PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call.

-
Vulnerability information

-
Vulnerability description

WebCalendar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to includes/config.php not properly sanitizing user input supplied to the 'includedir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
This can be exploited further to disclose the content of arbitrary files by including a malicious settings.php file which overwrites the "user_inc" variable and will allow arbitrary local file disclosure.
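The chain described above (request-supplied include directory, fopen of a settings file from it, then include_once of a name that file defines) is broken at both links by validating the directory against a fixed local base and by allowlisting the include name. The following is an added illustration written for this page, not WebCalendar's own code; the allowlisted file names, the ini-style settings file and the application layout are assumptions.

```php
<?php
// Added example, not WebCalendar source. Hardened resolution of an
// "includedir"-style request parameter and of a settings-supplied include name.
// Requires PHP 8 (str_starts_with).

/**
 * Resolve $requested to a directory inside $base, or return null.
 * Rejects stream wrappers (http://, ftp://, php://, data:, ...) and any
 * path that escapes $base after ".." and symlink resolution.
 */
function safe_include_dir(string $base, string $requested): ?string {
    // A scheme prefix means a stream wrapper, never a local directory.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $requested)
        || str_starts_with(strtolower($requested), 'data:')) {
        return null;
    }
    $baseReal = realpath($base);
    $dirReal  = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($baseReal === false || $dirReal === false) {
        return null;
    }
    // Must be $base itself or a directory below it.
    if ($dirReal !== $baseReal
        && !str_starts_with($dirReal, $baseReal . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return is_dir($dirReal) ? $dirReal : null;
}

/**
 * A value read from settings.php is data, not a path: map it onto a fixed
 * allowlist of known user-backend files (names assumed for this example).
 */
function safe_user_inc(string $dir, string $userInc): ?string {
    $allowed = ['user.php', 'user-ldap.php', 'user-nis.php'];
    if (!in_array($userInc, $allowed, true)) {
        return null;
    }
    $file = $dir . DIRECTORY_SEPARATOR . $userInc;
    return is_file($file) ? $file : null;
}

// Usage, assuming this script sits in the application root directory.
$dir = safe_include_dir(__DIR__, $_GET['includedir'] ?? 'includes');
if ($dir === null) { http_response_code(400); exit('invalid include directory'); }
// settings.php is now read only from the validated local directory (assumed ini format).
$settings = parse_ini_file($dir . DIRECTORY_SEPARATOR . 'settings.php') ?: [];
$inc = safe_user_inc($dir, (string)($settings['user_inc'] ?? ''));
if ($inc === null) { http_response_code(500); exit('unrecognised user_inc'); }
include_once $inc;
```

Setting allow_url_fopen and allow_url_include to Off in php.ini is useful defence in depth against the remote-URL part of this chain, but it does not replace the path and name validation shown here.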

-
Timeline

Disclosure date:
2006-05-30

Discovery date:
Unknown

Exploit date: 2006-05-30

Resolution date: Unknown

-
Solution

Upgrade to version 1.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

-
Unaffected program versions

k5n WebCalendar 1.0.4

-
Vulnerability discussion

WebCalendar is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve the contents of arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.

WebCalendar version 1.0.3 is vulnerable; other versions may be affected.